CN106533650A - Cloud-oriented interactive privacy protection method and system - Google Patents

Cloud-oriented interactive privacy protection method and system Download PDF

Info

Publication number
CN106533650A
CN106533650A CN201611027772.XA CN201611027772A CN106533650A CN 106533650 A CN106533650 A CN 106533650A CN 201611027772 A CN201611027772 A CN 201611027772A CN 106533650 A CN106533650 A CN 106533650A
Authority
CN
China
Prior art keywords
data
cloud server
encryption
attribute
anonymization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611027772.XA
Other languages
Chinese (zh)
Other versions
CN106533650B (en
Inventor
刘君强
陈芳慧
董燕萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN201611027772.XA priority Critical patent/CN106533650B/en
Publication of CN106533650A publication Critical patent/CN106533650A/en
Application granted granted Critical
Publication of CN106533650B publication Critical patent/CN106533650B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud-oriented interactive privacy protection method and system. The privacy protection method is characterized in that a data owner uploads encrypted data and stores the encrypted data on a cloud server for a long time, and data sharing services meeting privacy protection requirements are provided; when a client sends a data request, anonymization processing of the encrypted data is directly carried out on the cloud server, and the data meeting the privacy protection requirements is output; and during the anonymization processing, the cloud server can interact with a proxy server for comparison processing of ciphertext data. The method has the advantages that the data stored in an encrypted manner can serve multiple purposes; and diversified privacy protections can be easily achieved. The privacy protection system has two preconditions: a cloud service provider may be a privacy attacker, but the services must be provided according to a protocol; and the client promises not to forward an obtained data sheet to any unauthorized third party (including the cloud service provider), so that conspiratorial attacks are prevented.

Description

Towards the interactive method for secret protection and system in high in the clouds
Technical field
The present invention relates to secret protection field, more particularly to a kind of interactive method for secret protection towards high in the clouds and it is System.
Background technology
With the arrival of cloud computing era, the characteristics of people increasingly like the facility and extensibility using cloud platform High in the clouds carries out data storage and calculating, also just has increasing technical backstopping in the related service of cloud computing and platform.In cloud Under computation schema, mass data can be uploaded to high in the clouds by network and be processed by data owner, but high in the clouds presence can not The factor leaned on, the individual privacy information in data can all have compromised possibility in transmission, storage and processing procedure.Cause This, the secret protection research under cloud environment has become the important research direction in secret protection field.
It is the facilitated method for realizing high in the clouds safety storage to be encrypted with the external bag data of encryption method.But it is general After logical encryption technology is encrypted to data, it is difficult to studied with ciphertext, and homomorphic cryptography technology is provided This possibility.To provide data sharing service, secret protection process was carried out before to high in the clouds ciphertext data deciphering, can be used Homomorphic cryptography technology come realize decrypt before data processing.
The system is based on above-mentioned present situation, and full homomorphic cryptography technology, secret protection technology and cloud environment are combined, and proposes one Kind towards it is under high in the clouds, full homomorphic cryptography technology, for realize data safety storage and protect data handling procedure personal secrets Interactive method and system.The major technique that concrete grammar is related to has:
Full homomorphic cryptography technology:The concept of homomorphic cryptography is just proposed early in Rivest in 1978 et al., but is stopped ever since It is stagnant not before.After Gentry in 2009 constructs first full homomorphic encryption scheme, have and develop rapidly.Full homomorphic cryptography Main contributions be realize in the case of non-decrypting encryption data is carried out arithmetic operation be equal in plain text carry out it is same The possibility of arithmetic operation, this is made that major contribution to cryptographic development.
Secret protection technology:Data anonymous are the major techniques for realizing secret protection, by the privacy to initial data After information carries out certain change so that attacker can not deduce specific certain individuality, so as to realize to individual privacy Protection.
The duplicate protection of data-privacy can be realized with reference to full homomorphic cryptography technology and anonymization technology, number can either be ensured According to safety storage beyond the clouds, the security of high in the clouds data handling procedure is also can guarantee that, final shared data can also meet hidden Private protection is required.
The content of the invention
It is an object of the invention to provide a kind of interactive method for secret protection and system towards high in the clouds, by full homomorphic cryptography Technology and secret protection technology combine, and apply in cloud computing, it is ensured that the security of high in the clouds data storage, and provide Data sharing service, realizes that high in the clouds directly carries out anonymization process to encryption data.With this system, it would however also be possible to employ different Privacy parameters or secret protection require to carry out anonymization process, moreover it is possible to which the data of encryption storage are used for various data mining tasks With various data sharing query tasks.
The high in the clouds intimacy protection system for being proposed has two premises:One be cloud service provider be probably privacy attack Person, but it is certain according to agreement offer service;Two is that client is promised to undertake and is not transmitted to obtained tables of data and carries including cloud service For business it is interior it is unwarranted other people, therefore there is no conspiracy attack.
To achieve these goals, the present invention is privacy attack person for cloud service provider it is assumed that designing facing cloud The interactive method for secret protection at end, is mainly realized by following steps:
1) data owner is according to each columns that full homomorphism key schedule is each attribute in extended coding tables of data According to being individually created key to (pkij,skij), i represents attribute sequence number, and j represents data row number, uses public key pkijIt is encrypted respectively Process, obtain encryption data table;
2) data owner generates key to (pk according to full homomorphism key schedulecomp,skcomp), use public key pkcomp Cryptographic Extensions coded data table all properties data are arranged, and obtain encryption data table copy;
3) data owner is by encryption data table and encryption data table copy, and in tables of data each attribute anonymization layer Level structure file, coding rule, public key pkcompCloud server storage is uploaded to as data outsourcing form;
4) client request shared data, first transmits the request to cloud server, cloud server record request numbering Uid, is subsequently forwarded to proxy server;
5) proxy server determines privacy parameters and indicates that cloud server starts to perform the anonymity based on full homomorphic cryptography Change is processed, and specifically includes following sub-step:
5.1) cloud server request proxy server assists to complete ciphertext comparing computing, proxy server private key skcompTo needing the ciphertext for comparing to be decrypted, plaintext comparison is then carried out, comparison result is back to into cloud server;
5.2) cloud server performs anonymization using the assistance of the outer bag data and proxy server that store beyond the clouds Process, search out the data row for meeting secret protection requirement;
6) to proxy server, proxy server generates interim close the information transmission that shareable data is arranged by cloud server Key (pktemp,sktemp), and use temporary public key pktempEncryption data row corresponding private key ski,tObtain pski,t, t represents ith attribute T row;
7) proxy server is by temporary public key pktempAnd pski,tIt is uploaded to cloud server, cloud server pktempWith pski,tRe-encrypted step 1) in encryption data table, obtain public key pktempUnder re-encryption tables of data;
8) client downloads re-encryption tables of data from cloud server, obtains coding rule, and obtains from proxy server Temporary private sktemp, re-encryption tables of data is decrypted and can just obtain meeting secret protection requirement with encoded translated afterwards Tables of data.
Further, the step 1) in, described extended coding tables of data is a kind of based on each attribute anonymization level The data sheet form of structure and coding rule, is that the data that data owner possesses are extended with process and coded treatment acquisition 's.Extension process is according to attribute anonymization hierarchical structure, by fuzzyyer tables of data indicating value insertion tables of data;Coded treatment It is that each attribute data in tables of data is represented with unique coding form.Described attribute anonymization hierarchical structure is configured by XML Document definition, by att element definitions, att elements include two attributes to individual data attribute:Index represents that data attribute is numbered, Name represents data attribute title.Individual data attribute tree includes node elements by vgh element definitions, in vgh elements, Raw value or obfuscation data value are by node element definitions, the data shape of innermost layer node element representation data owners Formula, the data of outer layer node element representations are the more fuzzy representations to nexine data.The anonymization hierarchical structure of each attribute is not Together, also sets itself can be needed according to system.
Further, the step 1) and step 2) in, described encryption data table is used for data publication;Encryption data table Copy is used for data anonymousization and processes operation.
Further, the step 3) in, described data outsourcing form includes encryption data table and encryption data table pair This, and attribute anonymization hierarchy structure file, coding rule, public key pkcomp, both ensure that data in upload and storing process Security in turn ensure that the security of data in cloud server data handling procedure.
Further, the step 5) in, described secret protection requires to refer to the sensitive information avoided in shared data It is associated with individual, and privacy parameters is referred to reach the parameter set by secret protection requirement, different secret protections is required The privacy parameters of setting are different, and secret protection parameter, secret protection require can sets itself, be not that fixation can not Become.Described anonymization process be data and data source are hidden or Fuzzy Processing technology.It is described based on complete The anonymization of homomorphic cryptography is processed and refers to the anonymization process realized with homomorphism addition and multiplying under ciphertext.
A kind of interactive intimacy protection system towards high in the clouds, the system include data owner, proxy server, client End and cloud server, data owner's connection proxy server and cloud server, described proxy server connection high in the clouds Server, and do not exist and to collude with behavior with cloud server;
Described data owner is the side for possessing mass data, for generating homomorphism key pair, and data is carried out Encryption;Encryption data table and copy, the anonymization hierarchy structure file of each attribute, public key and coding rule are sent to into high in the clouds Server;Private key is sent to into proxy server.
Described proxy server is the service end trusted by data owner, for determining that privacy parameters are required;From Private key is obtained at data owner, and generates interim homomorphism key pair, private key is encrypted;Realize and cloud server Information exchange;Distribute temporary key for client.
Described cloud server, for the safety storage of encryption data table, the anonymization of ciphertext data is processed;In anonymity Information exchange is carried out with proxy server in changing processing procedure, the comparison between ciphertext is realized.
Described client is to send a side of data sharing request, obtains re-encryption tables of data, coding rule and interim After private key, realize that data deciphering is shared.
The present invention has advantages below:Extended coding tables of data is uploaded after being encrypted using homomorphic cryptography technology To cloud server, it is ensured that upload the security with data in storing process;Data are stored in cloud service in an encrypted form Device, cloud server can directly carry out homomorphism arithmetic operation to ciphertext data, and the privacy realized in data handling procedure is protected Shield;Data longer-term storage after encryption server beyond the clouds, there is provided meet the number of different privacy parameters and secret protection requirement According to shared service;The data of encryption storage can have multiple use, such as common for various data mining tasks and various data Enjoy query task.
Description of the drawings
Fig. 1 is the interactive intimacy protection system towards high in the clouds of the present invention;
Fig. 2 is the interactive method for secret protection basic flow sheet towards high in the clouds;
Fig. 3 is the anonymization hierarchy structure file instance graph of three attributes.
Specific embodiment
The present invention use the higher full homomorphic encryption schemes of the BGV based on RLWE of current efficiency (Z.Brakerski, C.Gentry,and V.Vaikuntanathan.(leveled)fully homomorphic encryption without bootstrapping.TOCT,6(3):13,2014.Preliminary version in ITCS 2012.), for the ease of reason Principle to full homomorphic cryptography is made introduction by solution first.
Firstth, parameter setting.The full homomorphic encryption scheme that the present invention is adopted is based on polynomial ring, polynomial ringD is 2 power power, and λ is the security parameter of homomorphic encryption scheme, and ciphertext multinomial coefficient takes μ bit moulds Number q, L is binary arithmetic operation circuit depth, other specification (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) is guaranteeing 2λSecurity.N=1 is exactly instantiation of the setting based on RLWE. In order to allow full homomorphic cryptography to be applied to universe anonymity algorithm, plaintext space is set as R2=R/2R.
Secondth, key schedule.Key is as follows to generating:GHE.SecretKeyGen(params):Choose s' ← χn, Obtain private keyGHE.PublicKeyGen(params,sk):Private Key as input sk=s=(1, s'), s [0]=1,Also parameter params=(q, d, n, N, χ).It is uniform to generate one Individual matrixOne vector e ← χNA is arranged with a set b ← A's'+2e. becomes (n+1) column matrix comprising b, Aft section is the n column matrix (A s=2e) of-A'.Public key pk=A.
Circulation j=L to 0, runs paramsj←GHE.Setup(1λ,1(j+1)·μ, b) come the level of the mould that obtains successively decreasing from qL ((L+1) μ bits) is to q0(μ bits). circulation j=L-1 to 0, parameter paramsjMiddle djValue be replaced by d=dL, it is distributed χj It is replaced by χ=χL
FHE.KeyGen(paramsj):J=L is to 0 for circulation, is implemented as described below:
1st, run sj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj, sj)。
2nd, arranges'jIt is sjTensor, its coefficient is in RqjIn sjTwo coefficients Product.
3rd, s is set "j←BitDecomp(s'j,qj)。
4th, run τs”j+1→sj←SwitchKeyGen(s”j,sj-1), this step is omitted as j=L.
Private key sk includes all sj, public key pk include all AjAnd τs”j+1→sj
3rd, AES.FHE.Enc(params,pk,m):In R2In find information m, run GHE.Enc (AL,m)。 GHE.Enc(pk,m):In order to encrypt an information m ∈ R2, arrangeSamplingOutput Ciphertext
4th, decipherment algorithm.FHE.Dec(params,sk,c):Assume that ciphertext is in sjUnder, run GHE.Dec (sj, c).GHE.Dec(sk,c):Output decryption information m ← [[<c,s>]q]2
5th, homomorphism addition.FHE.Add(pk,c1,c2):Input two equally uses private key sjThe ciphertext of encryption.C is set3 ←c1+c2mod qj。c3It is exactly in s'jUnder ciphertext (s'jParameter include all sjParameter becauseAnd And s'jFirst coefficient for 1), export c4=FHE.Refresh (c3s”j→sj-1,qj,qj-1)。
6th, homomorphism multiplication.FHE.Mult(pk,c1,c2):Input two equally uses private key sjThe ciphertext of encryption.First, New ciphertext is in private keyUnder, it is linear equalityCoefficient vector c3, export c4= FHE.Refresh(c3s”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1):Input private key s'jUnder ciphertext, auxiliary information τs”j→sj-1To help Key is helped to change, current and next modulus is qjAnd qj-1, do following work:Launch c first1←Powersof2(c,qj).So After carry out analog-to-digital conversion, c2←Scale(c1,qj,qj-1, 2), corresponding private key s "jWith modulus qj-1.Key conversion is carried out again, is exported c3←SwitchKey(τs”j→sj-1,c2,qj-1), corresponding private key sj-1With modulus qj-1
(c, p, q, are 2) mould converting algorithm to wherein c'=Scale, and p, q are two odd modes, and c is integer vectors, c' It is the integer vectors for being close to (p/q) c and meets c'=c mod 2.X is resolved into For its bit method for expressing, OutputSwitchKeyGen (s1,s2,n1,n2, q) it is input into two private keysWith the dimension of private key, modulus q, private key s2WithOperation GHE.PublicKeyGen (s2, N) and public key A is obtained, generate B=A+Powesof2 (s1, q), then Auxiliary information τ of outputs1→s2=B realizes exchanging.Wherein,
Below in conjunction with the accompanying drawings 2 and 3 pairs of specific embodiments of the invention of accompanying drawing be described in further detail.
The growth data table of table 2 is that the data that data owner possesses are extended with process to obtain, according to the category of Fig. 3 Property anonymization hierarchy structure file instance graph, data is represented with the fuzzy data of multiple levels, and is incorporated into same tables of data In, each attribute hierarchies number is equal to the columns of the attribute in growth data table.Extended coding tables of data is by growth data table Data carry out the result of coded treatment according to coding rule, and the extended coding tables of data in table 3 is according to binary processing Obtain, the data encoding representation of each attribute is unique.
1 growth data table of table
2 extended coding tables of data of table
1. data owner generates some keys to (pk using homomorphism key schedule FHE.KeyGenij,skij), and Each row of extended coding tables of data table 2 are encrypted respectively with different public keys, obtain the growth data table e for encrypting2RT.Attribute has 3, there are 2,2,3 column datas respectively, so having seven keys pair, respectively (pk11,sk11), (pk12,sk12), (pk21, sk21), (pk22,sk22), (pk31,sk31), (pk32,sk32), (pk33,sk33)。
2. data owner generates key to (pk using homomorphism key schedule FHE.KeyGencomp,skcomp), with public affairs Key pkcomp2 all row of black list, obtain the growth data table copy e for encrypting2RTcomp
3. data owner uploads e2RT、e2RTcomp, coding rule, public key pkcompAnd each attribute is hidden in tables of data Nameization hierarchy structure file is to cloud server.
4. client asks shared data to cloud server.
5. cloud server record request numbering uid, is subsequently forwarded to proxy server.
6. proxy server determines privacy parameters and secret protection requirement, and indicates that cloud server is performed at anonymization Reason.In embodiment, we set privacy parameters as 3, meet in the tables of data of secret protection requirement, it is desirable to which each record is at least Comprising 3-1 bar identical recordings.Using anonymization processing mode be:In e2RTcompIn tables of data, each attribute is extracted respectively One column data constitutes new ciphertext tables of data re as Fuzzy processing result2RT。
7. outer bag data of the cloud server using storage beyond the clouds perform under ciphertext data based on homomorphic cryptography technology Anonymization process, and ask proxy server to assist the comparison calculation for completing between ciphertext when needed.We adopt homomorphism The homomorphism addition FHE.Add of encryption technology and homomorphism multiplication FHE.Mult computings are to ciphertext tables of data re2Two in RT are concrete Compare between record, statistics obtains comparison result, if being mutually all 1 ciphertext, is not all 0 ciphertext.With homomorphism addition Computing FHE.Add is calculated and is belonged to a kind of data volume of record, but this data volume is ciphertext form, so needing to ask generation Reason server assists decryption.
8. proxy server obtains private key sk from data ownercomp, what decryption cloud server transmission came needs ratio To each record data volume ciphertext, after decryption with setting privacy parameters 3 compare, then to cloud server return Comparison result information.If ciphertext tables of data re2In RT, each record illustrates the ciphertext data including at least 2 identical recordings Table re2RT meets secret protection requirement.
9., after cloud server carries out anonymization process, the data column information for meeting secret protection requirement is returned to into agency Server.When the 1st row for taking the 1st attribute, the 0th row of the 2nd attribute, during the 2nd row of the 3rd attribute, 2 kinds of records are had, Respectively { Any, Male, Any } { Any, Female, Any }, every kind of record at least 2 datas are consistent with which, that is to say, that every Kind of record is including at least 3 datas, then by data row (1,0,2) information return to proxy server.
10. proxy server generates temporary key to (pktemp,sktemp), use temporary public key pktempEncryption data row (1,0, 2) the private key sk corresponding to1,1,sk2,0,sk3,2Obtain psk1,1,psk2,0,psk3,2
Proxy server uploads temporary public key pktempAnd psk1,1,psk2,0,psk3,2To cloud server.
Cloud server psk1,1,psk2,0,psk3,2Re-encryption tables of data e2Corresponding column data in RT, turn over number It is temporary public key pk according to tabletempUnder re-encryption tables of data.
Client downloads re-encryption tables of data from cloud server, obtains coding rule, and obtains from proxy server Temporary private sktemp, re-encryption tables of data is decrypted and obtains meeting being total to for secret protection requirement with encoded translated afterwards The tables of data enjoyed.
In sum, the interactive method for secret protection and system towards high in the clouds for being provided by the present invention, is being joined in many ways With in the case of, realize the safe handling of data and share.And in the case where privacy is not revealed, proxy server can be used Process is decrypted to ciphertext data, possibility is provided for the comparison operation in anonymization processing procedure under ciphertext.Finally, visitor Family end obtains meeting the data ciphertext of secret protection requirement from high in the clouds, and obtains the interim private for decryption from proxy server Key, client obtain final plaintext result by decryption, for data sharing.
For embodiment disclosed above so that those skilled in the art can be using the present invention, for base in embodiment It can be attainable using various revisable methods for professional and technical personnel in the anonymization operation of full homomorphism to be.It is special It is not the privacy parameters of setting and the modification of secret protection requirement is obvious for professional and technical personnel in the field.Cause This, the present invention will not be limited to embodiment illustrated herein, and it is consistent to be to fit to system disclosed herein principle Scope.

Claims (6)

1. a kind of interactive method for secret protection towards high in the clouds, it is characterised in that comprise the steps:
1) data owner is according to each column data list that full homomorphism key schedule is each attribute in extended coding tables of data It is only into key to (pkij,skij), i represents attribute sequence number, and j represents data row number, uses public key pkijIt is encrypted respectively, Obtain encryption data table;
2) data owner generates key to (pk according to full homomorphism key schedulecomp,skcomp), use public key pkcompEncryption Extended coding tables of data all properties data are arranged, and obtain encryption data table copy;
3) data owner is by encryption data table and encryption data table copy, and in tables of data each attribute anonymization level knot Structure file, coding rule, public key pkcompCloud server storage is uploaded to as data outsourcing form;
4) client request shared data, first transmits the request to cloud server, and cloud server record asks numbering uid, It is subsequently forwarded to proxy server;
5) proxy server determines privacy parameters and indicates that cloud server starts to perform at the anonymization based on full homomorphic cryptography Reason, specifically includes following sub-step:
5.1) cloud server request proxy server assists to complete ciphertext comparing computing, proxy server private key skcomp To needing the ciphertext for comparing to be decrypted, plaintext comparison is then carried out, comparison result is back to into cloud server;
5.2) cloud server performs anonymization using the assistance of the outer bag data and proxy server that store beyond the clouds and processes, Search out the data row for meeting secret protection requirement;
6) to proxy server, proxy server generates temporary key to the information transmission that shareable data is arranged by cloud server (pktemp,sktemp), and use temporary public key pktempEncryption data row corresponding private key ski,tObtain pski,t, t represents ith attribute T is arranged;
7) proxy server is by temporary public key pktempAnd pski,tIt is uploaded to cloud server, cloud server pktempWith pski,tRe-encrypted step 1) in encryption data table, obtain public key pktempUnder re-encryption tables of data;
8) client downloads re-encryption tables of data from cloud server, obtains coding rule, and obtains interim from proxy server Private key sktemp, re-encryption tables of data is decrypted and can just obtain meeting the data of secret protection requirement with encoded translated afterwards Table.
2. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step 1), in, described extended coding tables of data is a kind of based on each attribute anonymization hierarchical structure and the tables of data shape of coding rule Formula, is that the data that data owner possesses are extended with process and coded treatment acquisition.Extension process is hidden according to attribute Nameization hierarchical structure, by fuzzyyer tables of data indicating value insertion tables of data;Coded treatment is by each attribute data in tables of data Represented with unique coding form.Described attribute anonymization hierarchical structure is defined by XML configuration file, individual data attribute by Att element definitions, att elements include two attributes:Index represents that data attribute is numbered, and name represents data attribute title.It is single Individual data attribute tree shape structure includes node elements, raw value or obfuscation number by vgh element definitions, in vgh elements According to value by node element definitions, the data mode of innermost layer node element representation data owners, outer layer node element representations Data are the more fuzzy representations to nexine data.The anonymization hierarchical structure of each attribute is different, also can need certainly according to system Row setting.
3. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step 1) with step 2) in, described encryption data table is used for data publication;Encryption data table copy is used for data anonymousization and processes behaviour Make.
4. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step 3), in, described data outsourcing form includes encryption data table and encryption data table copy, and attribute anonymization hierarchical structure File, coding rule, public key pkcomp, both ensure that the security of data in upload and storing process in turn ensure that cloud service The security of data in device data handling procedure.
5. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step 5), in, described secret protection is required to refer to and avoids the sensitive information in shared data from being associated with individual, and privacy parameters are Refer to that, to reach the parameter set by secret protection requirement, different secret protections requires that the privacy parameters of setting are different and hidden Private Protection parameters, secret protection require can sets itself, be not to fix immutable.It is right that described anonymization is processed Data and data source be hidden or Fuzzy Processing technology.The described anonymization based on full homomorphic cryptography is processed and refers to fortune Realize that the anonymization under ciphertext is processed with homomorphism addition and multiplying.
6. a kind of interactive intimacy protection system towards high in the clouds, it is characterised in that the system includes data owner, agency's clothes Business device, client and cloud server, data owner's connection proxy server and cloud server, described proxy server Connection cloud server, and do not exist and to collude with behavior with cloud server;
Described data owner is the side for possessing mass data, for generating homomorphism key pair, and data is encrypted; Encryption data table and copy, the anonymization hierarchy structure file of each attribute, public key and coding rule are sent to into cloud service Device;Private key is sent to into proxy server.
Described proxy server is the service end trusted by data owner, for determining that privacy parameters are required;From data Private key is obtained at owner, and generates interim homomorphism key pair, private key is encrypted;Realize the letter with cloud server Breath interaction;Distribute temporary key for client.
Described cloud server, for the safety storage of encryption data table, the anonymization of ciphertext data is processed;At anonymization Information exchange is carried out with proxy server during reason, the comparison between ciphertext is realized.
Described client is to send a side of data sharing request, obtains re-encryption tables of data, coding rule and temporary private Afterwards, realize that data deciphering is shared.
CN201611027772.XA 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud Active CN106533650B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611027772.XA CN106533650B (en) 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611027772.XA CN106533650B (en) 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud

Publications (2)

Publication Number Publication Date
CN106533650A true CN106533650A (en) 2017-03-22
CN106533650B CN106533650B (en) 2019-04-02

Family

ID=58352785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611027772.XA Active CN106533650B (en) 2016-11-17 2016-11-17 Interactive method for secret protection and system towards cloud

Country Status (1)

Country Link
CN (1) CN106533650B (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107404538A (en) * 2017-08-18 2017-11-28 金蝶软件(中国)有限公司 A kind of cloud data transmission method and its server
CN108011714A (en) * 2017-11-30 2018-05-08 公安部第三研究所 Guard method and the system of data object main body mark are realized based on cryptography arithmetic
CN109800595A (en) * 2018-12-26 2019-05-24 全球能源互联网研究院有限公司 A kind of electric power data sharing method and system
CN110099043A (en) * 2019-03-24 2019-08-06 西安电子科技大学 The hiding more authorization center access control methods of support policy, cloud storage system
CN110176983A (en) * 2019-05-22 2019-08-27 西安电子科技大学 Privacy protection association rule mining based on full homomorphic cryptography
CN110190945A (en) * 2019-05-28 2019-08-30 暨南大学 Based on adding close linear regression method for secret protection and system
CN110365679A (en) * 2019-07-15 2019-10-22 华瑞新智科技(北京)有限公司 Context aware cloud data-privacy guard method based on crowdsourcing assessment
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN111125734A (en) * 2019-12-20 2020-05-08 深圳前海微众银行股份有限公司 Data processing method and system
CN111143880A (en) * 2019-12-27 2020-05-12 中电长城网际系统应用有限公司 Data processing method and device, electronic equipment and readable medium
CN111159761A (en) * 2019-12-20 2020-05-15 深圳前海微众银行股份有限公司 Model training method and device
CN111460475A (en) * 2020-03-27 2020-07-28 公安部第三研究所 Method for realizing data object subject de-identification processing based on cloud service
WO2020242509A1 (en) 2019-05-31 2020-12-03 Intuit Inc. Privacy preserving server
CN112231736A (en) * 2020-11-04 2021-01-15 广东辰宜信息科技有限公司 Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium
CN112788001A (en) * 2020-12-28 2021-05-11 建信金融科技有限责任公司 Data encryption-based data processing service processing method, device and equipment
CN112818362A (en) * 2021-01-29 2021-05-18 江苏理工学院 Public key encryption method based on R-LWE
WO2021109756A1 (en) * 2019-12-03 2021-06-10 重庆交通大学 Proxy anonymous communication method based on homomorphic encryption scheme
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
TWI734368B (en) * 2019-06-18 2021-07-21 開曼群島商創新先進技術有限公司 Data homomorphic encryption and decryption method and device for realizing privacy protection
CN113157778A (en) * 2021-06-09 2021-07-23 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
US11159305B2 (en) 2019-06-18 2021-10-26 Advanced New Technologies Co., Ltd. Homomorphic data decryption method and apparatus for implementing privacy protection
CN114386072A (en) * 2022-01-13 2022-04-22 中国科学技术大学 Data sharing method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103903325A (en) * 2013-07-08 2014-07-02 苏州大学 Safe electronic voting system based on identity signature
US20150058629A1 (en) * 2013-08-21 2015-02-26 Mark D. Yarvis Processing Data Privately in the Cloud
CN105072157A (en) * 2015-07-15 2015-11-18 柳州首光科技有限公司 Network-based data storage system having privacy protection function

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103903325A (en) * 2013-07-08 2014-07-02 苏州大学 Safe electronic voting system based on identity signature
US20150058629A1 (en) * 2013-08-21 2015-02-26 Mark D. Yarvis Processing Data Privately in the Cloud
CN105072157A (en) * 2015-07-15 2015-11-18 柳州首光科技有限公司 Network-based data storage system having privacy protection function

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107404538A (en) * 2017-08-18 2017-11-28 金蝶软件(中国)有限公司 A kind of cloud data transmission method and its server
CN107404538B (en) * 2017-08-18 2021-01-22 金蝶软件(中国)有限公司 Cloud data transmission method and server thereof
CN108011714A (en) * 2017-11-30 2018-05-08 公安部第三研究所 Guard method and the system of data object main body mark are realized based on cryptography arithmetic
CN108011714B (en) * 2017-11-30 2020-10-02 公安部第三研究所 Method and system for protecting data object body identification based on cryptology operation
CN109800595A (en) * 2018-12-26 2019-05-24 全球能源互联网研究院有限公司 A kind of electric power data sharing method and system
CN110099043A (en) * 2019-03-24 2019-08-06 西安电子科技大学 The hiding more authorization center access control methods of support policy, cloud storage system
CN110176983A (en) * 2019-05-22 2019-08-27 西安电子科技大学 Privacy protection association rule mining based on full homomorphic cryptography
CN110176983B (en) * 2019-05-22 2021-09-03 西安电子科技大学 Privacy protection association rule mining method based on fully homomorphic encryption
CN110190945A (en) * 2019-05-28 2019-08-30 暨南大学 Based on adding close linear regression method for secret protection and system
CN110190945B (en) * 2019-05-28 2022-07-19 暨南大学 Linear regression privacy protection method and system based on multiple encryptions
WO2020242509A1 (en) 2019-05-31 2020-12-03 Intuit Inc. Privacy preserving server
EP3871127A4 (en) * 2019-05-31 2022-07-27 Intuit Inc. Privacy preserving server
TWI734368B (en) * 2019-06-18 2021-07-21 開曼群島商創新先進技術有限公司 Data homomorphic encryption and decryption method and device for realizing privacy protection
US11159305B2 (en) 2019-06-18 2021-10-26 Advanced New Technologies Co., Ltd. Homomorphic data decryption method and apparatus for implementing privacy protection
CN110365679B (en) * 2019-07-15 2021-10-19 华瑞新智科技(北京)有限公司 Context-aware cloud data privacy protection method based on crowdsourcing evaluation
CN110365679A (en) * 2019-07-15 2019-10-22 华瑞新智科技(北京)有限公司 Context aware cloud data-privacy guard method based on crowdsourcing assessment
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
WO2021109756A1 (en) * 2019-12-03 2021-06-10 重庆交通大学 Proxy anonymous communication method based on homomorphic encryption scheme
CN111159761B (en) * 2019-12-20 2022-06-24 深圳前海微众银行股份有限公司 Model training method and device
CN111125734A (en) * 2019-12-20 2020-05-08 深圳前海微众银行股份有限公司 Data processing method and system
CN111125734B (en) * 2019-12-20 2023-03-31 深圳前海微众银行股份有限公司 Data processing method and system
CN111159761A (en) * 2019-12-20 2020-05-15 深圳前海微众银行股份有限公司 Model training method and device
CN111143880A (en) * 2019-12-27 2020-05-12 中电长城网际系统应用有限公司 Data processing method and device, electronic equipment and readable medium
CN111143880B (en) * 2019-12-27 2022-06-07 中电长城网际系统应用有限公司 Data processing method and device, electronic equipment and readable medium
CN111460475B (en) * 2020-03-27 2023-04-25 公安部第三研究所 Method for implementing de-identification processing of data object main body based on cloud service
CN111460475A (en) * 2020-03-27 2020-07-28 公安部第三研究所 Method for realizing data object subject de-identification processing based on cloud service
CN112231736A (en) * 2020-11-04 2021-01-15 广东辰宜信息科技有限公司 Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium
CN112788001B (en) * 2020-12-28 2023-04-07 建信金融科技有限责任公司 Data encryption-based data processing service processing method, device and equipment
CN112788001A (en) * 2020-12-28 2021-05-11 建信金融科技有限责任公司 Data encryption-based data processing service processing method, device and equipment
CN112818362A (en) * 2021-01-29 2021-05-18 江苏理工学院 Public key encryption method based on R-LWE
CN112818362B (en) * 2021-01-29 2023-09-22 江苏理工学院 Public key encryption method based on R-LWE
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
CN113127536B (en) * 2021-04-14 2023-07-28 上海同态信息科技有限责任公司 Offline fuzzy matching system based on homomorphic encryption
CN113157778B (en) * 2021-06-09 2021-09-24 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
CN113157778A (en) * 2021-06-09 2021-07-23 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
CN114386072A (en) * 2022-01-13 2022-04-22 中国科学技术大学 Data sharing method, device and system
CN114386072B (en) * 2022-01-13 2024-04-02 中国科学技术大学 Data sharing method, device and system

Also Published As

Publication number Publication date
CN106533650B (en) 2019-04-02

Similar Documents

Publication Publication Date Title
CN106533650B (en) Interactive method for secret protection and system towards cloud
Liang et al. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage
Dong et al. Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing
Cui et al. Efficient and expressive keyword search over encrypted data in cloud
EP2658165B1 (en) Cryptographic system, cryptographic communication method, encryption apparatus, key generation apparatus, decryption apparatus, content server, program, and storage medium
JP5422053B2 (en) Encryption system, encryption communication method, encryption device, key generation device, decryption device, content server device, program, storage medium
Han et al. A data sharing protocol to minimize security and privacy risks of cloud storage in big data era
CN106534313A (en) Frequentness measuring method and system for security and privacy protection facing cloud data issuing
Liu et al. Ciphertext‐policy attribute‐based encryption with partially hidden access structure and its application to privacy‐preserving electronic medical record system in cloud environment
Li et al. Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud
Zhou et al. Privacy preservation for outsourced medical data with flexible access control
Hao et al. Efficient attribute-based access control with authorized search in cloud storage
Aslan et al. Algebraic construction of cryptographically good binary linear transformations
Smithamol et al. Hybrid solution for privacy-preserving access control for healthcare data
CN105656881B (en) A kind of electronic health record can verify that outsourcing storage and retrieval system and method
Yang et al. A privacy‐preserving data transmission scheme based on oblivious transfer and blockchain technology in the smart healthcare
Khuntia et al. New hidden policy CP-ABE for big data access control with privacy-preserving policy in cloud computing
Zhou et al. Secure outsourced medical data against unexpected leakage with flexible access control in a cloud storage system
Suma et al. Brakerski‐Gentry‐Vaikuntanathan fully homomorphic encryption cryptography for privacy preserved data access in cloud assisted Internet of Things services using glow‐worm swarm optimization
Liu et al. Sharing and privacy in PHRs: Efficient policy hiding and update attribute-based encryption
Minh et al. Post-quantum commutative deniable encryption algorithm
JP2016115997A (en) Storage information access control method and program therefor
Sharma et al. Making data in cloud secure and usable: fully homomorphic encryption with symmetric keys
JP6885325B2 (en) Cryptographic device, decryption device, encryption method, decryption method, program
Worapaluk et al. A secure, traceable, and efficiently revocable cloud-based access control scheme using ciphertext policy attribute-based encryption and blockchain

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant